#!/bin/bash

POLICY_TEMP_PATH="/tmp/policy_temp.json"
DECLARATIVE_CONFIG_PATH="/etc/cp/conf/declarative_config.cfg"
CHANGE_AGENT_MODE=true
UPLOAD_AGENT_POLICY=false
ra_token=
tenant_id=
agent_id=
profile_id=

load_agent_details()
{
    tenant_id=$(awk -F\" '/Tenant ID/{print $4}' /etc/cp/conf/agent_details.json)
    profile_id=$(awk -F\" '/Profile ID/{print $4}' /etc/cp/conf/agent_details.json)
    agent_id=$(awk -F\" '/Agent ID/{print $4}' /etc/cp/conf/agent_details.json)
}

generate_policy()
{
    cp -f /etc/cp/conf/local_policy.yaml /tmp/tmp_local_policy.yaml
    sed -i "s|\"\*\"|\"Any\"|g" /tmp/tmp_local_policy.yaml
    POLICY=$(/etc/cp/bin/yq eval /tmp/tmp_local_policy.yaml -o json)
    echo $POLICY > $POLICY_TEMP_PATH
    rm -f /tmp/tmp_local_policy.yaml
}

upload_the_policy_to_s3()
{
    echo "Uploading local policy configuration to cloud..."

    upload_res="$(curl -s -w "%{http_code}\n" --progress-bar --request PUT -T "${POLICY_TEMP_PATH}" \
        -H "user-agent: Infinity Next (a7030abf93a4c13)" -H "Content-Type: application/json" \
        -H "Authorization: Bearer ${ra_token}" \
        "$var_fog/agents-core/storage/$tenant_id/$profile_id/$((AGENT_POLICY+1))/policy-$agent_id.json")"

    if test "$upload_res" != "200"; then
        echo "Failed uploading policy to cloud: Failed Error code ${upload_res}"
        return 1
    fi

    file_exists="$(curl -s -w "%{http_code}\n" --request GET \
        -H "user-agent: Infinity Next (a7030abf93a4c13)" -H "Authorization: Bearer ${ra_token}" \
        "$var_fog/agents-core/storage/$tenant_id/$profile_id/$((AGENT_POLICY+1))/policy-$agent_id.json")"

    check_file_exists="$(echo "$file_exists" | grep 200)"
    if [ -z "$check_file_exists" ]; then
        echo "Failed uploading policy to cloud: Failed on checking the file. Error code ${check_file_exists}"
        return 1
    fi
}

send_notification_to_the_fog()
{
    correlation_id=$(cat /proc/sys/kernel/random/uuid)
    DATE=$(date "+%FT%T.000")
    upload_res=$(curl -s -w "%{http_code}\n" --request POST \
        "$var_fog/api/v1/agents/events/bulk" -H "X-Trace-Id:${correlation_id}" \
        --header "Authorization: Bearer ${ra_token}" --header "user-agent: Infinity Next (a7030abf93a4c13)" \
        --header "Content-Type: application/json" \
        --header "x-rate-limit-product-type: openappsec" \
        --data "{\"logs\": [{\"log\": {\"eventTime\": \
        \"$DATE\",\"eventName\": \"Agent started onboarding process to cloud management\",\"eventSeverity\": \
        \"Info\",\"eventPriority\": \"Urgent\",\"eventLogLevel\": \"info\",\"eventType\": \"Event Driven\",
        \"eventLevel\": \"Log\",\"eventAudience\": \"Internal\",\"eventAudienceTeam\": \"Agent Core\",
        \"eventFrequency\": 0,\"eventSource\": {\"serviceName\": \"Orchestration\",\"agentId\": \"$agent_id\",
        \"tenantId\": \"$tenant_id\",\"serviceId\": \"1\",\"issuingEngineVersion\": \"1.2229.123456\",
        \"issuingEngine\": \"onboardingInfoProvider\"},\"eventData\": {\"eventObject\": {\"onboardingInfo\":
        {\"policyVersion\": $((AGENT_POLICY+1)),\"profileId\": \"$profile_id\",\"agentId\": \"$agent_id\"}}},
        \"eventTags\": [\"Orchestration\"]}, \"tenantId\": \"$tenant_id\", \"id\": 1}]}")

    if test "$upload_res" != "200"; then
        sleep 5
        upload_res=$(curl -s -o /dev/null -s -w "%{http_code}\n" \
            --request POST "$var_fog/api/v1/agents/events/bulk" -H "X-Trace-Id:${correlation_id}" \
            --header "Authorization: Bearer ${ra_token}" --header "user-agent: Infinity Next (a7030abf93a4c13)" \
            --header "Content-Type: application/json" \
            --header "x-rate-limit-product-type: openappsec" \
            --data "{\"logs\": \
            [{\"log\": {\"eventTime\": \"$DATE\",\"eventName\": \"Agent started onboarding process to cloud management\",
            \"eventSeverity\": \"Info\",\"eventPriority\": \"Urgent\",\"eventLogLevel\": \"info\",\"eventType\": \"Event Driven\",
            \"eventLevel\": \"Log\",\"eventAudience\": \"Internal\",\"eventAudienceTeam\": \"Agent Core\",\"eventFrequency\": 0,
            \"eventSource\": {\"serviceName\": \"Orchestration\",\"agentId\": \"$agent_id\",\"tenantId\":
            \"$tenant_id\",\"serviceId\": \"1\",\"issuingEngineVersion\": \"1.2229.123456\",\"issuingEngine\":
            \"onboardingInfoProvider\"},\"eventData\": {\"eventObject\": {\"onboardingInfo\": {\"policyVersion\":
            $((AGENT_POLICY+1)),\"profileId\": \"$profile_id\",\"agentId\": \"$agent_id\"}}},
            \"eventTags\": [\"Orchestration\"]}, \"tenantId\": \"$tenant_id\", \"id\": 1}]}")
        if test "$upload_res" != "200"; then
            echo "Failed to notify the FOG on the new policy: Failed Error code ${upload_res}"
            return 1
        fi
    fi

}

get_jwt()
{
    response="$(curl -s -w --noproxy "*" --header "User-Agent: Infinity Next (a7030abf93a4c13)" \
        --header "Content-Type: application/json" --request POST --data \
        "{\"authenticationData\": [{\"authenticationMethod\": \"token\", \"data\": \"$var_token\"}], \
        \"metaData\": {\"agentName\": \"K8S\", \"agentType\": \"Embedded\", \"platform\": \"linux\", \
        \"architecture\": \"x86\", \"additionalMetaData\": {\"agentVendor\": \"python\"}}}" $var_fog/agents)"

    if [ ! -z "$( echo $response | grep referenceId)" ]; then
        echo "Couldn't register to the FOG"
        return 1
    fi
    agent_id=$(echo $response | grep -o '"agentId":"[^"]*' | grep -o '[^"]*$')
    echo "agent_id=${agent_id}" > $DECLARATIVE_CONFIG_PATH
    clientId=$(echo $response | grep -o '"clientId":"[^"]*' | grep -o '[^"]*$')
    clientSecret=$(echo $response | grep -o '"clientSecret":"[^"]*' | grep -o '[^"]*$')
    tenant_id=$(echo $response | grep -o '"tenantId":"[^"]*' | grep -o '[^"]*$')
    profile_id=$(echo $response | grep -o '"profileId":"[^"]*' | grep -o '[^"]*$')

    response="$(curl -s -w --noproxy "*" --header "User-Agent: Infinity Next (a7030abf93a4c13)" \
        --header "Content-Type: application/json" -d "{\"login\":\"$clientId\", \"password\":\"$clientSecret\"}" \
        --user "$clientId:$clientSecret" --request POST --data "{}" $var_fog/oauth/token?grant_type=client_credentials)"
    if [ ! -z "$( echo $response | grep referenceId)" ]; then
        echo "Couldn't receive JWT"
        return 1
    fi

    ra_token=$(echo $response | grep -o '"access_token":"[^"]*' | grep -o '[^"]*$')

    profile_data="$(curl -s -w "%{http_code}" --request POST $var_fog/api/v2/agents/resources/ \
        -H "X-Trace-Id:2ade3b96-2451-4720-8a58-2bc83fd73292" --header "Authorization: Bearer $ra_token" \
        --header "user-agent: Infinity Next (a7030abf93a4c13)" --header "Content-Type: application/json" \
        --data "{\"manifest\": \"\",\"policy\": \"\",\"settings\": \"\",\"data\": \"\"}")"
    if [ ! -z "$( echo $profile_data | grep referenceId)" ]; then
        echo "Couldn't receive profile data"
        return 1
    fi
    policy_md5=$(echo $profile_data | grep -o '"policy":"[^"]*' | grep -o '[^"]*$')
    if [ ! -z "$( echo $policy_md5 | grep referenceId)" ]; then
        echo "Couldn't receive profile md5"
        return 1
    fi
    policy_data="$(curl -s -w '%{http_code}\n' --request GET $var_fog/api/v2/agents/resources/policy \
        -H 'X-Trace-Id:2ade3b96-2451-4720-8a58-2bc83fd73292' --header "Authorization: Bearer $ra_token" \
        --header 'user-agent: Infinity Next (a7030abf93a4c13)' --header 'Content-Type: application/json' \
        --data '{"policy": "$policy_md5"}')"
    if [ ! -z "$( echo $policy_md5 | grep referenceId)" ]; then
        echo "Couldn't receive policy data"
        return 1
    fi

    AGENT_POLICY="$(echo $policy_data | grep -o '"version":"[^"]*' | grep -o '[^"]*$')"
    echo "AGENT_POLICY=${AGENT_POLICY}" >> $DECLARATIVE_CONFIG_PATH
    return 0
}

poll_for_status_file()
{
    correlation_id=$(cat /proc/sys/kernel/random/uuid)
    attempt_counter=0
    max_attempts=18

    until [ ${attempt_counter} -eq ${max_attempts} ]; do
        if [ ${attempt_counter} -eq ${max_attempts} ];then
            echo "Max attempts reached"
            return 1
        fi
        file_exists="$(curl -s -w "%{http_code}\n" --request GET -H \
            "user-agent: Infinity Next (a7030abf93a4c13)" -H \
            "Authorization: Bearer ${ra_token}" \
            "$var_fog/agents-core/storage/$tenant_id/$profile_id/$((AGENT_POLICY+1))/status-$agent_id.json")"

        check_file_exists=$(echo $file_exists | grep 200)
        if [ ! -z "$check_file_exists" ]; then
            FAILURE=$(echo $file_exists | grep "false")
            if [ ! -z "$FAILURE" ]; then
                echo "Failed creating the Assets: $(echo $file_exists | cut -c27- | cut -d '"' -f 1)"
                return 1
            else
                echo "."
                return 0
            fi
        else
            echo -n '.'
            attempt_counter=$(($attempt_counter+1))
            sleep 10
        fi
    done
    echo "Error: Status file was not generated"
    return 1
}

upload_policy_to_the_cloud()
{
    load_agent_details
    generate_policy
    STATUS="FAILURE"
    if [ $CHANGE_AGENT_MODE = true ]; then
        get_jwt
        if [ "$?" = "1" ]; then
            echo "Failed registering to the FOG"
            exit 1
        fi
    fi


    upload_the_policy_to_s3
    if [ "$?" = "1" ]; then
        echo "Failed uploading the policy to S3"
        exit 1
    fi

    send_notification_to_the_fog
    if [ "$?" = "1" ]; then
        echo "Failed Notifying to FOG"
        exit 1
    fi

    poll_for_status_file
    if [ "$?" = "0" ]; then
        if [ $CHANGE_AGENT_MODE = true ]; then
            open-appsec-ctl --set-mode --online_mode --token $var_token --fog $var_fog
        else
            sed -i "s|AGENT_POLICY=.*|AGENT_POLICY=$((AGENT_POLICY+1))|g" $DECLARATIVE_CONFIG_PATH
        fi
        STATUS="SUCCESS"
        exit 0
    fi
        if [ "$STATUS" = "FAILURE" ]; then
        echo "Failed to upload policy to the cloud"
        exit 1
    fi
}

usage()
{
    echo "Usage: $0 --token <token> [options...] ]"
    echo "    --token <token>         : Registration token"
    echo "Options:"
    echo "    --namespace <namespace> : Namespace with the relevant Helm Chart"
    echo "    --fog <fog address>     : Namespace with the relevant Helm Chart"
    echo "    --config-upload         : Upload policy to the fog"
    echo "    --config-upload-only    : Upload policy to the fog, withput changing agent mode"
    exit 255
}

validate_arg_value_exists()
{
    if test "$2" = "1"; then
        echo "Error: The script is missing value for '$1'"
        usage
        exit 1
    fi
}

while true; do
    if [ "$1" = "--token" ]; then
        validate_arg_value_exists "$1" "$#"
        shift
        var_token="$1"
    elif [ "$1" = "--namespace" ]; then
        validate_arg_value_exists "$1" "$#"
        shift
        var_namespace="$1"
    elif [ "$1" = "--fog" ]; then
        validate_arg_value_exists "$1" "$#"
        shift
        var_fog="$1"
    elif [ "$1" = "--config-upload" ]; then
        UPLOAD_AGENT_POLICY=true
    elif [ "$1" = "--config-upload-only" ]; then
        UPLOAD_AGENT_POLICY=true
        CHANGE_AGENT_MODE=false
        source $DECLARATIVE_CONFIG_PATH
    elif [ "$1" = "--access_token" ] || [ "$1" = "-at" ]; then
        validate_arg_value_exists "$1" "$#"
        shift
        ra_token="$1"
    elif [ "$1" = "--tenant_id" ] || [ "$1" = "-tid" ]; then
        validate_arg_value_exists "$1" "$#"
        shift
        tenant_id="$1"
    elif [ "$1" = "--profile_id" ] || [ "$1" = "-pid" ]; then
        validate_arg_value_exists "$1" "$#"
        shift
        profile_id="$1"
    elif [ -z "$1" ]; then
        break
    else
        usage
        exit 1
    fi
    shift
done

if [ -z "$var_fog" ]; then
    var_fog="https://inext-agents.cloud.ngen.checkpoint.com"
fi

if [ $UPLOAD_AGENT_POLICY = true ]; then
    upload_policy_to_the_cloud
else
    open-appsec-ctl --set-mode --online_mode --token $var_token --fog $var_fog
fi
if [ "$?" = "0" ]; then
    echo "SUCCESS"
fi

exit 0
